French privacy regulator fines Google, Facebook for misleading user interface design

In context: Recently, we have seen a huge push towards user privacy on the Internet. In addition to the General Data Protection Regulation (GDPR), European countries have in many cases backed down when it comes to data collection and user tracking.

The latest in this privacy-focused effort comes out of France, where the National Commission for Informatics and Liberties (CNIL) has fine Google € 150 million ($ 170 million) and Facebook € 60 million ($ 68 million) for making disabling cookies too confusing for users. In addition to the fines, the two companies have 90 days to make changes to make it easier to reject cookies or face a fine of € 100,000 per day.

According to the CNIL, Facebook and Google use “dark patterns” to trick users into accepting tracking cookies. Dark patterns are methods of designing a user interface in a way that confuses the user or leads them to believe that they have no choice in the matter, for example presenting a dialog box that requires users to accept cookies before accessing content, then hide means of rejecting cookies behind other menus.

Google job a dark pattern similar to the example given above. The watchdog says Google’s websites, including YouTube, offer a way to accept all cookies with one click, but users must navigate through multiple menus to reject all cookies. The CNIL claims that Google intentionally makes it harder to reject cookies so that users can take the easiest route and just accept them.

In the case of Facebook, the CNIL specifies that the company also offers a one-click solution to accept all cookies but requires several clicks to refuse them. Moreover, Facebook deceptively Labels the button to deactivate “Accept cookies”, letting people believe that they have no choice.

The CNIL claims that the two bodies violate European law, forcing citizens to fully understand their decisions when they consent to data collection. Interestingly, the CNIL does not rely in any of the cases on the current GDPR law. Instead, it uses older legislation called the ePrivacy Directive.

TechCrunch notes that Irish privacy regulators impose GDPR violations filed by any member of the EU are very slow to act. Many American tech companies are relocating their European headquarters to Ireland, mainly due to more flexible taxation and regulation. However, the ePrivacy Directive allows European countries to directly apply sanctions in their own country. France therefore uses it to ensure that Facebook and Google are held accountable in a timely manner.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Trending this Week